Omeka 2.2.2, an update for Omeka 2.2, is out today. This update includes several security improvements, so we recommend that all users upgrade to this version.
This release closes a reported vulnerability that could arise if file upload validation was disabled and users uploaded files that the web server was configured to execute when visited. Omeka has long included a mitigation strategy against PHP files being executed, and this release expands that mitigation to cover more types of files that some servers will execute. Thanks once again to Gjoko Krstic at the Zero Science Lab for finding and reporting this issue.
In addition, this release makes security improvements across all of the administrative functionality, including the bundled Exhibit Builder and Simple Pages plugins.
Finally, the release includes some non-security-related updates too: the collections shortcodes now allow the user to select specific collections by ID, just like the items and exhibits shortcodes, and a few small styling and presentation bugs in the admin interface are fixed. The new Exhibit Builder version that’s included also fixes some minor issues with the links between “next” and “previous” pages in exhibits. This release also includes updates for several language translations.
Please see the release notes for more detail.